Per Jessen wrote:
Dennis Peterson wrote:
Per Jessen wrote:
What's the current schedule for 0.90? And what are my options (for
not having clamav consider phishing==virus) until then?
I'm using libclamav programmatically - I don't suppose cl_scanfile()
could be convinced to return CL_PHISHING when appropriate :-)
It has always been possible to unpack the pattern files and remove the
parts you don't like. The various parts are clearly marked.
OK, thanks - I'll have to look into that. Any reference info you could
point me to? Or just RTFM?
Here's a script that should work. Read the assumptions carefully and
mind the emailer linewrapping in logger strings:
no-phishing.sh
#! /usr/bin/sh
# Assumptions:
# Freshclam database directory is not the same location as clamd
# Freshclam does not notify clamd when new databases are available
# Clamd listens on inet localhost:3310
# There are no cvd files in the clamd database directory
# Location of clam and freshclam config files
freshclam_conf="/usr/local/etc/freshclam.conf"
clam_conf="/usr/local/etc/clamd.conf"
# Grab some data from the config files. We need to know the clam user,
# and the locations of the freshclam and clamd database directories
freshclamdb_dir=`awk '/^DatabaseDirectory/ {print $2}' $freshclam_conf`
clamdb_dir=`awk '/^DatabaseDirectory/ {print $2}' $clam_conf`
clam_user=`awk '/^User/ {print $2}' $clam_conf`
# Ensure we have two database directories so we don't upset clamd
# when we thrash the files. If not then log error and exit.
if [ "$freshclamdb_dir" -eq "$clamdb_dir" ]; then
/usr/bin/logger -t "No-Phishing" -p mail.warn "Warning: Freshclam and
Clamd cannot use the same database directory!!"
echo "Warning: Freshclam and Clamd cannot use the same database
directory!!"
exit 1
fi
# Ensure there are no cvd files in the clamd database directory
if [ -f $clamdb_dir/*.cvd ]; then
/usr/bin/logger -t "No-Phishing" -p mail.warn "Warning: cvd files
found in the Clamd database directory!!"
echo "Warning: cvd files found in the Clamd database directory!!"
exit 1
fi
# We'll do our work in the freshclam database directory
cd $freshclamdb_dir
# Unpack the cvd files. Don't discard them as freshclam will need
# them for the next download
/usr/local/bin/sigtool -u daily.cvd
/usr/local/bin/sigtool -u main.cvd
# Remove the Phishing patterms from the ndb files
# Use egrep -v "pattern1|pattern2|pattern3" file.ndb >file.tmp
# for excluding multiple pattern
/usr/bin/grep -v Phishing main.ndb >main.tmp
/usr/bin/grep -v Phishing daily.ndb >daily.tmp
# Overwrite the original ndb files with the tmp files
/usr/bin/mv main.tmp main.ndb
/usr/bin/mv daily.tmp daily.ndb
# Use rsync to move the files to the clamd database directory
/usr/local/bin/rsync *.db *.fp *.hdb *.ndb *.zmd $clamdb_dir
# Set the ownership
/usr/bin/chown $clam_user $clamdb_dir/*
#Notify clamd using mconnect (Solaris)
echo "RELOAD" |/usr/bin/mconnect -p 3310
# Clean up the current directory leaving only the cvd files
/usr/bin/rm COPYING *.db *.fp *.hdb *ndb *.zmd
exit 0
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
